◎ 01The Library
Twenty-five years, condensed.
Published works, executive briefings, and the occasional polemic. Long-form research is offered both as open-access summary and as paid full version; full versions include methodology appendices, YARA/STIX where applicable, and a no-questions update window.
The Glasswing Effect.
A five-part LinkedIn series on the implications of Anthropic's Claude Mythos AI model for managed security operations, vendor risk, OT/IT environments, and MSS delivery. Currently live and updating.
Why Glasswing Changes the MSS Buyer's Conversation
The opening salvo: what Claude Mythos means for the way security executives talk to their managed-service vendors — and why the renewal conversation in 2026 won't look like 2024's.
Vendor Risk in the Age of Mythos-Class Models
Third-party risk assessment was already broken. Now it has to account for the AI inside the supplier. A working framework, plus the questionnaire we use on engagements.
OT/IT Convergence, Now With an Autonomous Auditor
The convergence conversation gets sharper when the auditor is fast, tireless, and reads documentation faster than the people who wrote it. Implications for plant managers, control engineers, and the IT/OT firewall.
Manufacturing & OT Risk in a Mythos-Equipped Adversary Landscape
In progress. The fourth installment: what changes for US manufacturing security programs when the adversary's tooling is one prompt away. Drafting now.
The Service Model After Glasswing — A Practitioner's Forecast
Series finale: what the MSS business model looks like 18 months out, written by an operator who runs the desk. Includes a buyer-side checklist for evaluating vendors against the new bar.
Field-grade intelligence.
Full intelligence packages — narrative, indicators, YARA, STIX, ATT&CK mapping, vertical-specific action checklists. Sold as PDF + machine-readable artifacts.
RedKitten · Educated Manticore Cluster Brief
IRGC-aligned activity cluster, captured live. Tradecraft analysis, infrastructure mapping, YARA detections, STIX 2.1 bundle, and a 12-item action checklist for energy and manufacturing security teams.
Handala / Void Manticore — The Stryker Incident, Unpacked
Public-source reconstruction and analysis of the Handala/Void Manticore attack on Stryker Corporation. Tradecraft mapping, lessons applicable to medtech and adjacent manufacturing, and recommended detective controls.
Programs and playbooks.
IR Readiness Assessment Program
Comprehensive readiness program — assessment instrument, scoring rubric, exec readout template, and a 12-week remediation cadence. Drop-in for organizations who need to stand up a credible IR posture quarter-over-quarter.
Tabletop Scenario Library, Vol. 1
Five fully-built tabletop exercises: BEC, OT/IT ransomware, insider threat, AiTM phishing, supply chain compromise. Facilitator pack, participant cards, injects, scoring, and hot-wash format.
BEC Readiness Assessment Checklist
Weighted assessment instrument covering identity, financial workflow, email security, vendor management, and detection telemetry. Sold standalone or bundled with the Tabletop Library.
For the corner office. And the board.
NIST CSF / CMMC Maturity Journey — A Board Narrative
Slide-ready maturity-journey deck pairing NIST CSF 2.0 and CMMC L1–L3 into a single story the board can follow. Includes outcome-driven metrics aligned to Gartner ODM.
Outcome-Driven Metrics — The Board Pack
The metrics worth showing to a board, presented the way a board reads them. Trend, threshold, and operational explanation per metric. Excel model included.
◎ 06Notify on new releases
New work, when it ships.
Two to three notes per quarter. No drip campaigns. Unsubscribe one click.
Join the Notice List